 Post subject: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 12:47 pm 
Ronimo Team Member
Joined: Thu Apr 23, 2009 5:45 pm
Posts: 6433
Last week on Friday (19 April 2013) our website and forum were reported as containing malware by Google Chrome. Some players are worried about their accounts, so here is an explanation of what happened.

The FTP for http://www.ronimo-games.com was hacked, and the hacker had included malware from another website on our site. We have removed this malware. This forum, however, is hosted on a different server at a different company, at http://www.awesomenauts.com. Awesomenauts.com was not hacked, so the hackers did not have access to the data from this forum.

The reason not only our website, but also this forum was flagged as containing malware by Google, is that some elements of the forum (like some images) are hosted on http://www.ronimo-games.com. This did not include the malware, but Google had flagged everything coming from http://www.ronimo-games.com as tainted, so Chrome also gave an (unnecessary) message for the forum.

So your personal information was not at risk. Nevertheless, changing your passwords regularly is always a good idea, as is using different passwords for different things. So you can consider this a good excuse to change some of your passwords and reuse them less often.


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 1:52 pm 
Joined: Thu Jun 28, 2012 3:33 pm
Posts: 664
Who would want to hack Ronimo's website?! You guys are so lovable!

_________________
Steam: TatsuRabbit

PSN: SilasChan


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 2:09 pm 
Joined: Mon Apr 22, 2013 2:07 pm
Posts: 17
I hope you'll be moving away from FTP for file transfer then. SFTP, when combined with PKI authentication, is a far safer (and more secure) alternative - as FTP even sends authentication details to the server in plaintext, making it an easy MITM target.

_________________
Shut up, shut up, shut up!


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 2:15 pm 
Joined: Thu Jun 28, 2012 3:33 pm
Posts: 664
katana wrote:
I hope you'll be moving away from FTP for file transfer then. SFTP, when combined with PKI authentication, is a far safer (and more secure) alternative - as FTP even sends authentication details to the server in plaintext, making it an easy MITM target.


My reaction reading your comment:
http://www.youtube.com/watch?v=Ccoj5lhLmSQ

_________________
Steam: TatsuRabbit

PSN: SilasChan


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 2:31 pm 
Joined: Mon Apr 22, 2013 2:07 pm
Posts: 17
Tatsu Rabbit wrote:
katana wrote:
I hope you'll be moving away from FTP for file transfer then. SFTP, when combined with PKI authentication, is a far safer (and more secure) alternative - as FTP even sends authentication details to the server in plaintext, making it an easy MITM target.


My reaction reading your comment:
http://www.youtube.com/watch?v=Ccoj5lhLmSQ


http://en.wikipedia.org/wiki/Ftp#Security
http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol

Quote:
FTP is not able to encrypt its traffic; all transmissions are in clear text, and usernames, passwords, commands and data can be easily read by anyone able to perform packet capture (sniffing) on the network.


Basically, anyone eavesdropping on the connection can steal the username and password for the FTP login without any issues at all. FTP was outdated and dangerous to use 10 years ago, and yet it's still being used in production to this day - which makes anyone with any bit of security experience groan in agony. There's a number of better alternatives out there (SCP being a very good one), but few care enough about their server/site security to use them.

Hope that provides a bit better context.

_________________
Shut up, shut up, shut up!
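
An added example, not part of the post above and not code from Ronimo or its host: a small Python check that reads an FTP control-channel transcript and reports logins whose USER/PASS commands crossed the wire before any AUTH TLS upgrade, which is the exposure the post describes. The transcripts, host name and credentials are constructed, and the `C:`/`S:` line prefix is an assumed log format.

```python
import re

# Constructed FTP control-channel transcripts. "C:" marks client lines and
# "S:" server lines (assumed log format); host, user and password are made up.
PLAIN_SESSION = """\
S: 220 ftp.example.test ready
C: USER webmaster
S: 331 Password required
C: PASS hunter2-constructed
S: 230 Login successful
C: STOR index.html
"""

FTPS_SESSION = """\
S: 220 ftp.example.test ready
C: AUTH TLS
S: 234 Proceed with negotiation
"""


def audit_control_channel(transcript):
    """Return one finding per password sent in clear text.

    Explicit FTPS (RFC 4217) starts with AUTH TLS answered by a 234 reply;
    commands sent after that are encrypted and are not flagged here.
    """
    findings = []
    auth_requested = tls_active = False
    user = None
    for raw in transcript.splitlines():
        m = re.match(r"([CS]):\s*(\S+)\s*(.*)", raw)
        if not m:
            continue
        side, verb, arg = m.group(1), m.group(2).upper(), m.group(3).strip()
        if side == "C" and verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            auth_requested = True
        elif side == "S" and verb == "234" and auth_requested:
            tls_active = True
        elif side == "C" and verb == "USER" and not tls_active:
            user = arg
        elif side == "C" and verb == "PASS" and not tls_active:
            # Record that a password was exposed, never the password itself.
            findings.append({"user": user, "password_exposed": True})
    return findings
```
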


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 2:39 pm 
Joined: Sun Oct 14, 2012 7:08 am
Posts: 825
MITM can only be done on someone if they're in the same network? Does that mean the hacker was in physical proximity of a dev when he/she logged in to the FTP?

_________________
Wanna smell like a League 9 but play like a League 1?

Check out my YouTube channel!
http://www.youtube.com/user/mizuhonova/

I only upload GOOD games (vs L1s/2s or premades). All videos have opponent's names on the title so you might be in my videos! :D


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 2:43 pm 
Joined: Mon Apr 22, 2013 2:07 pm
Posts: 17
Lightning wrote:
MITM can only be done on someone if they're in the same network? Does that mean the hacker was in physical proximity of a dev when he/she logged in to the FTP?


Or if the network or same system was compromised by $attacker to obtain credentials. More likely than not, it's either someone guessing the FTP credentials or malware on a computer that was used to contact the FTP server.

Also possible, if one of the devs with access to FTP did so over open wifi while someone was monitoring said wifi with something like Firesheep - which should be a reminder to everyone, never log in to anything over open wifi if the site isn't fully HTTPS secured. If you want to do crap like that, use a VPN for security, otherwise someone can eavesdrop and steal your accounts with impunity.

_________________
Shut up, shut up, shut up!


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 4:25 pm 
Ronimo Team Member
Joined: Thu Apr 23, 2009 5:45 pm
Posts: 6433
I actually think the problem was more likely to be on the server itself. I suspect they might have hacked the server and gained access to all websites run on that server, also from other companies. Good thing awesomenauts.com runs with a different server company than ronimo-games.com...


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Mon Apr 22, 2013 4:38 pm 
Joined: Mon Apr 22, 2013 2:07 pm
Posts: 17
Joost wrote:
I actually think the problem was more likely to be on the server itself. I suspect they might have hacked the server and gained access to all websites run on that server, also from other companies. Good thing awesomenauts.com runs with a different server company than ronimo-games.com...


I expect then, you're changing providers? Shared hosts often have that sort of...well, inadequate methods to protect customers from one another; cross-exploitation of customers is a very bad sign of how the service is being managed, because at the very minimum file permissions are being mismanaged. Maybe you guys ought to grab a VPS and run your own box.

_________________
Shut up, shut up, shut up!


 Post subject: Re: Regarding that Google malware warning
 Post Posted: Tue Apr 23, 2013 3:35 am 
Joined: Thu Dec 13, 2012 8:00 am
Posts: 1545
Location: Canada
katana wrote:
Joost wrote:
I actually think the problem was more likely to be on the server itself. I suspect they might have hacked the server and gained access to all websites run on that server, also from other companies. Good thing awesomenauts.com runs with a different server company than ronimo-games.com...


I expect then, you're changing providers? Shared hosts often have that sort of...well, inadequate methods to protect customers from one another; cross-exploitation of customers is a very bad sign of how the service is being managed, because at the very minimum file permissions are being mismanaged. Maybe you guys ought to grab a VPS and run your own box.

finally
someone that actually knows something about network security
where have you been all my life. Also, grabbing a VPS is always nice.
---
Are all the files CHMODded at the proper permissions? Is there a vulnerable script that someone can SQL inject into?

_________________
Steam: MikalMirkas
Leader of VnD (now on hiatus)
rockhardGamer wrote:
anything mikal has ever said is automatically funny and i would recommend avoiding that garbage *

I've officially quit endorsing Ronimo due to how Machiel handled a certain scenario involving user harassment.

